96% of third-party container applications deployed in the cloud infrastructure contain known vulnerabilities.<\/p>\n\n\n\n
The Palo Alto Unit 42 researchers reported this in their conclusions on the growing threats organizations face in their software supply chains today.<\/p>\n\n\n\n
The report also revealed that several critical misconfigurations and vulnerabilities allowed the Unit 42 team to take over the customer’s cloud infrastructure within days, even for customers with a “mature” cloud security posture.<\/p>\n\n\n\n
The report states: “In most supply chain attacks, an attacker compromises a vendor and inserts malicious code in software used by customers. Cloud infrastructure can fall prey to a similar approach in which unvetted third-party code could introduce security flaws and give attackers access to sensitive data in the cloud environment. Additionally, unless organizations verify sources, third-party code can come from anyone, including an Advanced Persistent Threat.”<\/p>\n\n\n\n
For Valtix CTO Vishal Jain, he suggested that companies should focus on security during construction, including scanning IaC originals used to build cloud infrastructure and security at runtime.<\/p>\n\n\n